
Recent Voicemail Hacking allegations at Murdoch News World exposes new Vulnerabilities in Communication Networks July 8, 2011

Posted by admin in: Uncategorized

Recent coverage of voicemail hacking at “The News of the World” has exposed a new set of vulnerabilities and threat vectors that can plague telephony networks. Allegations continue to multiply that its journalists hacked into the voicemails of thousands of people, from child murder victims and war victims to members of the royal family, parliament and other important dignitaries. Sensitive conversations were either tapped or voicemails hacked into to gather dirt that eventually made it into the tabloids. According to the latest coverage on the topic, the magnitude of the scandal has resulted in a decision to close “The News of the World” paper.

In this global information age, early access to information obtained through malicious means is often a precursor to more sophisticated illegitimate activities such as insider trading, leakage of sensitive information, theft of company trade secrets, industrial espionage or, as in the above case, tabloid press material.

The growing prominence of IP-based communication networks and applications is empowering the user with ubiquitous instant-on connectivity, communications and collaboration with any person from any device, any location and at any time. This powerful user experience was never possible before and is now achievable through all-pervasive, standards-based IP networks. As a result, the conventional definition of perimeter security defense no longer exists. The weakest link in the end-to-end communication leg can now effectively become the first point of entry for perpetrators to conduct malicious activities.

Stakeholders must understand that securing IP-based communication networks and applications presents unique security challenges that are vastly different from, and much more stringent than, securing data applications: it requires near-zero false positives and negatives, a deep understanding of call control (and services) stacks, device tracking, user/application analytics, and firewall capabilities with a deep understanding of voice/video and UC protocols. The pervasiveness of IP-based communication networks now makes hacking activities much easier to carry out. Wiretapping of conversations, brute-force crawling and identification of legitimate usernames/extensions, illegitimate call pattern tracking, interception/rerouting of call traffic to hacker locations, presence tracking and stealing confidential voice messages from specific individuals (or extensions) are just a few examples of the security threats that can plague VOIP/UC networks if proper security measures are not enforced.

RedShift Networks honeypot research conducted over several months has indicated several threat vectors open in the wild today, ranging from Voice/UC Denial-of-Service (VDOS/UC-DOS) attacks, SPAM over Internet Telephony (SPIT) attacks, eavesdropping, spoofing, number harvesting, protocol fuzzing, toll fraud, SQL injection and media tampering to a myriad of UC infrastructure and application layer threats. All these new threat vectors go completely undetected using existing protective solutions. Gartner, in a recent study, strongly recommends the use of SIP-aware firewalls to protect your communication networks. For more information about RedShift Networks, products and services, please visit www.redshiftnetworks.com.

Ref — http://news.yahoo.com/uk-soldiers-targeted-murdoch-phone-hacking-scandal-report-030337129.html

Lead Story of the Month May 25, 2011

Posted by admin in: Redshift Networks

RedShift Networks, the leader in secure communications and collaboration solutions, announces the availability of the RedShift UCTM E-SBC session border control appliance, heavily tuned to serve the demanding security and interoperability requirements of enterprise VOIP/UC deployments. With growing SIP Trunk deployments, the RedShift UCTM E-SBC appliance provides unparalleled levels of security, control and visibility for today’s demanding Enterprise UC & Collaboration networks – far exceeding the security of any other E-SBC available on the planet today.

Redshift Networks is a Finalist for the 2011 Red Herring Top 100 North America Award May 25, 2011

Posted by admin in: Redshift Networks

Redshift Networks announced today it has been selected as a Finalist for Red Herring’s Top 100 North America award, a prestigious list honoring the year’s most promising private technology ventures from the North American business region.

The Red Herring editorial team selected the most innovative companies from a pool of hundreds from across North America. The nominees are evaluated on both quantitative and qualitative criteria, such as financial performance, technology innovation, quality of management, execution of strategy, and integration into their respective industries.

This unique assessment of potential is complemented by a review of the actual track record and standing of a company, which allows Red Herring to see past the “buzz” and make the list a valuable instrument for discovering and advocating the greatest business opportunities in the industry.

“This year was very rewarding,” said Alex Vieux, publisher and CEO of Red Herring. “The global economic situation has abated and there are many great companies producing really innovative and amazing products. We had a very difficult time narrowing the pool and selecting the finalists. Redshift Networks shows great promise therefore deserves to be among the Finalists. Now we’re faced with the difficult task of selecting the Top 100 winners of Red Herring North America. We know that the 2011 crop will grow into some amazing companies that are sure to make an impact.”

Finalists for the 2011 edition of the Red Herring 100 North America award are selected based upon their technological innovation, management strength, market size, investor record, customer acquisition, and financial health. During the several months leading up to the announcement, hundreds of companies in the telecommunications, security, Web 2.0, software, hardware, biotech, mobile and other industries completed their submissions to qualify for the award.

The Finalists are invited to present their winning strategies at the Red Herring North America Forum in Hollywood, California, June 13-15, 2011. The Top 100 winners will be announced at a special awards ceremony the evening of June 15 at the event.

Use of Side channel attacks on High Frequency Trading networks to profit Millions of Dollars January 11, 2011

Posted by admin in: Uncategorized

High-frequency trading networks, which complete stock transactions in microseconds, can be vulnerable to manipulation by hackers for unfair advantage. Inserting small amounts of nuisance packets, and thereby latency, into otherwise good traffic can subtly alter the course of trading decisions, resulting in the pocketing of millions of dollars in a matter of a few seconds. A few extra milliseconds can enable trades to execute ahead of the competition, thereby increasing profits for the hackers.

With the growing adoption of VOIP technologies, ubiquitous connectivity and sophisticated online betting (and trading) algorithms, a sub-microsecond delay can result in enough perturbation to cause severe losses!!

The scary part is that there is no security solution in the market today that adequately combats this threat. The traditional rate-based controls that Session Border Controllers (SBC) provide are good at detecting DOS attacks when there is a sudden upsurge in malicious traffic coming from a specific IP source. However, a side-channel attack is infinitely more subtle, as it adds just enough nuisance packets to a legitimate data stream to slow the data just enough to give someone else a chance to move first in the market. And these attacks can be triggered simultaneously from multiple random source locations, making detection even harder.

What is needed is pretty much a self-guided learning and mitigation system that automatically identifies such nuisance traffic in real time, no matter where it comes from, what packet granularity it arrives in or at what rate it comes in; thwarts it; and blacklists the offending source locations, while allowing legitimate business traffic to operate uninterrupted at mission-critical latencies. This would be the true utopian security solution required to protect such high-frequency trading networks against these attacks.

Ref — http://www.infoworld.com/d/the-industry-standard/hackers-find-new-way-cheat-wall-street-everyones-peril-699?source=IFWNLE_nlt_daily_2011-01-06

Phone hacking on United Kingdom Members of Parliaments and on Royals October 4, 2010

Posted by admin in: Recent Attack

This past month the United Kingdom has been in the midst of a scandal involving the local newspapers and the Members of Parliament in the country. Apparently several overzealous journalists authorized the hacking of the phones and voicemails of Members of Parliament and of several Royals to collect ‘dirt’ on them. This has caused quite a stir, which has been exacerbated because the current ‘Media Director’ of the Prime Minister’s office supposedly authorized or knew about these hackings while he was working for these newspapers. Here is the link that talks about this scandal.

This has tremendous security implications. Suppose that they were not listening or looking for ‘dirt’ but listening to sensitive information related to the national security of the United Kingdom and its allies. This was carried out by a bunch of journalists who are amateurs in this ‘hacking’ environment. Suppose this was carried out by more sophisticated elements of any government or any industrial espionage ring, or even by criminal or terrorist elements. Imagine the implications of this. All of this occurred because the phone and voicemail, i.e. the Unified Communications and Collaborations, were not secured properly.

That’s why it is so vital to comprehensively secure these Voice and Video environments – Unified Communications & Collaborations applications and networks MUST be secure!!

VOIP/UC Network Botnet Scanning and Discovery based Attacks on the Rise July 28, 2010

Posted by admin in: Redshift Networks, Security Threats, UC&C

Rich Unified Communications and Collaboration (UC&C) services are now being delivered across any device, any place and at any time. With the rise of powerful new fixed and mobile endpoint technologies such as the iPad and Android or iPhone smartphones, customers are now embracing UC/VOIP services to an extent never possible before. As a result, VOIP/UC networks are also becoming more porous, as the network perimeter once confined and secured inside the DMZ is now extended across multiple untrusted domains, geographies, users and endpoints. The traditional definition of the security perimeter is now broken.

In this posting, we talk about the rise of botnet scanning and discovery based attacks on VOIP/UC networks. The specific attacks happened at one of the major VOIP providers, which makes this very interesting. SIP provides the OPTIONS method, which allows a User Agent (UA) to query another UA or a proxy server as to its capabilities. This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without “ringing” the other party. All UAs MUST support the OPTIONS method.

Unfortunately, this also provides a base for attackers to probe the network and find out more details about the internal VOIP/UC network topology, endpoints, server IPs, valid usernames or extensions, etc. The attacker studies the responses to methods such as SIP OPTIONS, REGISTER or INVITE to make some pretty good guesses at valid extensions, usernames or server IPs. This is often a precursor to more sophisticated attacks such as toll fraud, eavesdropping, message stealing, stealth DOS attacks on specific user extensions, war dialing and SPAM attacks.

The scary part is that there are a lot of publicly available tools that can quickly brute force and automate the generation of such requests and provide a list of valid usernames, extensions, user credentials, server names, IPs, etc. Preventing such attacks without employing a sophisticated stateful UC protection device is very difficult. It is very hard to shield UC/VOIP services that by their very nature need to be exposed to a certain extent.
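A defender-side sketch of spotting the enumeration pattern described above, added here as an example and not RedShift's code: it flags a source that probes many distinct users with OPTIONS, REGISTER or INVITE inside a sliding window and is mostly rejected. The one-line event format, the thresholds and the documentation-range IP addresses are assumptions constructed for this illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (not real traffic): time_s, source IP, SIP method,
# user part of the Request-URI, final response code.
SAMPLE_EVENTS = """\
0.0 198.51.100.7 OPTIONS 100 404
0.4 198.51.100.7 OPTIONS 101 404
0.9 198.51.100.7 OPTIONS 102 200
1.3 198.51.100.7 REGISTER 103 404
1.8 198.51.100.7 OPTIONS 104 404
2.0 192.0.2.10 REGISTER 2001 200
2.2 198.51.100.7 INVITE 105 404
30.0 192.0.2.10 OPTIONS 2001 200
61.0 192.0.2.10 INVITE 2002 200
95.0 203.0.113.5 OPTIONS 300 404
200.0 203.0.113.5 OPTIONS 301 404
"""

PROBE_METHODS = {"OPTIONS", "REGISTER", "INVITE"}

def parse(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, method, user, code = line.split()
        yield float(t), src, method, user, int(code)

def find_scanners(events, window_s=60.0, min_targets=5, min_fail_ratio=0.6):
    """Return {source: (distinct_targets, fail_ratio)} for sources that, inside
    any sliding window, probe many distinct users and mostly get 4xx replies."""
    recent = defaultdict(deque)   # source -> events still inside the window
    flagged = {}
    for t, src, method, user, code in sorted(events):
        if method not in PROBE_METHODS:
            continue
        q = recent[src]
        q.append((t, user, code))
        while q and t - q[0][0] > window_s:   # expire events older than the window
            q.popleft()
        targets = {u for _, u, _ in q}
        fail_ratio = sum(400 <= c < 500 for _, _, c in q) / len(q)
        if len(targets) >= min_targets and fail_ratio >= min_fail_ratio:
            best = flagged.get(src, (0, 0.0))
            flagged[src] = max(best, (len(targets), round(fail_ratio, 2)))
    return flagged

if __name__ == "__main__":
    for src, (n, ratio) in find_scanners(parse(SAMPLE_EVENTS)).items():
        print(f"{src}: {n} distinct targets, {ratio:.0%} rejected")
```

Keying on distinct targets rather than raw request rate is what separates a phone that re-registers its own extension from a source walking the extension space; a slow scan spread across many sources would still need correlation beyond a single source IP.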

Attacks are happening on our customers networks July 24, 2010

Posted by admin in: Redshift Networks, UC&C

We’ve been working very hard building our business with our products getting installed in different networks across the globe. We have started to see from our current deployments that attacks are happening in the Unified Communications and Collaboration realm. There is already a lot of news in the press and on the web about these attacks. We’re seeing our customers get attacked!!

Unfortunately, enterprises and carriers that have Unified Communication & Collaboration solutions and applications can’t detect these attacks; the current generation of security solutions is not adequate to provide protection against, or trace, these new security threats.

Google your Unified Communications & Collaborations (UC&C) Infrastructure May 27, 2010

Posted by admin in: Redshift Networks, Security Threats

It’s surprising, and often easy to note, how widespread and far-reaching the internet is today. A long time ago, Johnny Long documented on the internet how one can use Google searches effectively to search for relevant and confidential information over the internet.

There’s a lot of information on the network about this topic; surprisingly, using very simple scanning and discovery tools, one can find a lot of information about companies that should never be disclosed. Most often, this is due to poor security controls being placed on information disclosure.

Do you know what information is available on the internet about your UC&C Infrastructure? Do you know if anybody can reconfigure your telephone from the internet?

So, I started googling the web in search of specific information about UC&C infrastructures using some standard keywords as listed below. The results are very alarming and show that several UC&C internal networks and systems are publicly visible on the internet with very few security controls. Typical results ranged from absolutely no security enforcement being in place to limited security that uses default vendor-published passwords that are easy for anyone to guess.

About this blog May 26, 2010

Posted by admin in: Redshift Networks

My name is Amitava Mukherjee and I am the CEO of RedShift Networks. We are a company based in Silicon Valley, California, with offices around the world.

This blog is meant to address the growing concern of security threats and attacks around Unified Communications, Collaboration and video/voice web-based applications.